CVE-2026-49949
Published: 2026-06-11 · Last updated: 2026-06-11
Severity and scoring
- CVSS: 5.3 MEDIUM
- Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
- CWE: CWE-522 (Insufficiently Protected Credentials)
Description
CodexBar before 0.33.0 contains a credential forwarding vulnerability in the shared ProviderHTTPClient transport. When a credentialed provider request receives an HTTP redirect, the client follows it and re-sends the request's browser cookies, bearer tokens, or API keys to the new Location without checking that the destination is the same origin or still HTTPS. A network-adjacent attacker who can issue a cross-origin redirect, or an HTTPS-to-HTTP downgrade redirect, can therefore steer the request to a host, port, or plaintext destination they control and capture those credentials. The issue is fixed in 0.33.0 (see the commit, pull request, and release tag under References).
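The redirect policy the fix needs, as an added example that is not CodexBar's code: a naive redirect follower that re-sends every header to whatever Location it is given, beside a hardened follower that strips credential headers on any cross-origin hop and refuses an HTTPS-to-HTTP downgrade outright. The function names, the header list, the hosts (`api.provider.test`, `collector.attacker.test`), the token value, and the in-memory `fake_transport` are all assumptions constructed for the example; nothing is fetched from the network.

```python
"""Redirect policy for a credentialed HTTP client (added example, not CodexBar's code).

A naive follower re-sends every header to whatever Location it is given; the
hardened follower drops credentials on a cross-origin hop and refuses an
HTTPS->HTTP downgrade. The transport below is a constructed in-memory table.
"""
from urllib.parse import urlsplit, urljoin

# Headers that carry credentials and must never cross an origin boundary (assumed list).
SENSITIVE_HEADERS = {"authorization", "proxy-authorization", "cookie", "x-api-key"}


class RedirectRefused(Exception):
    """Raised when a redirect would downgrade to plaintext or loop too long."""


def origin(url: str) -> tuple:
    """(scheme, host, port) with the default port filled in, so that
    https://h/ and https://h:443/ compare equal but https://h:8443/ does not."""
    p = urlsplit(url)
    scheme = p.scheme.lower()
    port = p.port or (443 if scheme == "https" else 80)
    return (scheme, (p.hostname or "").lower(), port)


def headers_for_redirect(from_url: str, to_url: str, headers: dict) -> dict:
    """Decide which headers may travel on one redirect hop.

    An https -> http hop is refused (the credentials would go out in plaintext);
    on any other origin change the credential headers are dropped."""
    if origin(from_url)[0] == "https" and origin(to_url)[0] != "https":
        raise RedirectRefused(f"refusing HTTPS->HTTP downgrade to {to_url}")
    if origin(from_url) != origin(to_url):
        return {k: v for k, v in headers.items() if k.lower() not in SENSITIVE_HEADERS}
    return dict(headers)


def follow_naive(url, headers, transport, max_hops=5):
    """Vulnerable behaviour: re-sends every header to whatever Location says."""
    for _ in range(max_hops):
        status, resp = transport(url, headers)
        if status not in (301, 302, 303, 307, 308):
            return url, headers
        url = urljoin(url, resp["Location"])
    raise RedirectRefused("too many redirects")


def follow_hardened(url, headers, transport, max_hops=5):
    """Same loop, but each hop passes through headers_for_redirect()."""
    for _ in range(max_hops):
        status, resp = transport(url, headers)
        if status not in (301, 302, 303, 307, 308):
            return url, headers
        nxt = urljoin(url, resp["Location"])
        headers = headers_for_redirect(url, nxt, headers)
        url = nxt
    raise RedirectRefused("too many redirects")


# Constructed responses standing in for the provider API and an attacker-controlled host.
FAKE_RESPONSES = {
    "https://api.provider.test/v1/usage": (302, {"Location": "https://collector.attacker.test/grab"}),
    "https://collector.attacker.test/grab": (200, {}),
    "https://api.provider.test/v1/login": (302, {"Location": "http://api.provider.test/v1/login"}),
    "http://api.provider.test/v1/login": (200, {}),
    "https://api.provider.test/v1/old": (302, {"Location": "/v1/new"}),
    "https://api.provider.test/v1/new": (200, {}),
}


def fake_transport(url, headers):
    """Stand-in for the real transport: looks the URL up in the constructed table."""
    return FAKE_RESPONSES[url]


# Constructed credentials, as a provider request in the app would carry them.
CREDS = {"Authorization": "Bearer sk-constructed-token",
         "Cookie": "session=constructed",
         "Accept": "application/json"}


def demo() -> dict:
    """Run the three scenarios and report what each client ended up sending."""
    results = {}
    # 1. Cross-origin redirect: the naive client carries the bearer token and cookie to the attacker host.
    _, leaked = follow_naive("https://api.provider.test/v1/usage", CREDS, fake_transport)
    results["naive_leaks_bearer"] = "Authorization" in leaked and "Cookie" in leaked
    # The hardened client reaches the same Location but with credential headers stripped.
    _, sent = follow_hardened("https://api.provider.test/v1/usage", CREDS, fake_transport)
    results["hardened_strips_bearer"] = ("Authorization" not in sent and "Cookie" not in sent
                                        and sent["Accept"] == "application/json")
    # 2. Downgrade redirect: naive re-sends credentials over plaintext; hardened refuses the hop.
    _, plain = follow_naive("https://api.provider.test/v1/login", CREDS, fake_transport)
    results["naive_sends_plaintext"] = "Authorization" in plain
    try:
        follow_hardened("https://api.provider.test/v1/login", CREDS, fake_transport)
        results["hardened_refuses_downgrade"] = False
    except RedirectRefused:
        results["hardened_refuses_downgrade"] = True
    # 3. Same-origin relative redirect keeps credentials, so legitimate flows are not broken.
    final, sent = follow_hardened("https://api.provider.test/v1/old", CREDS, fake_transport)
    results["same_origin_keeps_creds"] = (final == "https://api.provider.test/v1/new"
                                          and "Authorization" in sent)
    return results


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

The origin comparison deliberately includes the port, so a redirect from `https://api.provider.test/` to `https://api.provider.test:8443/` also counts as cross-origin; that matches the description's "unintended host, port, or plaintext HTTP destination". In a real client the same decision belongs in the redirect hook the HTTP library exposes (for a URLSession-based transport, the task delegate's redirect callback), rather than in a hand-rolled loop.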
Source: NVD
References
- [NVD] https://nvd.nist.gov/vuln/detail/CVE-2026-49949
- [Other] https://github.com/steipete/CodexBar/commit/08c171b6b487654a0eb188494fa24bd1c4272a2e
- [Other] https://github.com/steipete/CodexBar/pull/1237
- [Other] https://github.com/steipete/CodexBar/releases/tag/v0.33.0
- [Other] https://www.vulncheck.com/advisories/codexbar-credential-leakage-via-http-redirect
Related CVEs
Same CWE
- CVE-2026-41715 — In specific scenarios involving HTTP redirects from a secure to an insecure endpoint, the Reactor Netty HTTP client may leak credentials (6.1 MEDIUM)
- CVE-2026-39908 — OpenBullet2 through version 0.3.2 on Windows contains a credential disclosure vulnerability that allows remote attackers to capture the N... (6.5 MEDIUM)
- CVE-2026-46440 — Flowise is a drag & drop user interface to build a customized large language model flow (9.1 CRITICAL)
- CVE-2026-46511 — HAX CMS helps manage microsite universe with PHP or NodeJs backends
- CVE-2026-7313 — CWE-522: Insufficiently Protected Credentials in web services in Progress Sitefinity version from 8.0.5700 to 13.3.7652 allows a remote a... (8.7 HIGH)